Lucene search

[email protected]CVE-2008-4964

HistoryNov 06, 2008 - 3:55 p.m.

CVE-2008-4964

2008-11-0615:55:51

CWE-59

[email protected]

web.nvd.nist.gov

cve-2008-4964

local users

symlink attack

konwert 1.8

file deletion

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.

Affected configurations

NVD

Node

krzysztof_kozlowskikonwertMatch1.8

CPENameOperatorVersion
krzysztof_kozlowski:konwertkrzysztof kozlowski konwerteq1.8

CPE	Name	Operator	Version
krzysztof_kozlowski:konwert	krzysztof kozlowski konwert	eq	1.8

References

bugs.debian.org/496379

dev.gentoo.org/~rbu/security/debiantemp/konwert-filters

uvw.ru/report.lenny.txt

www.openwall.com/lists/oss-security/2008/10/30/2

www.securityfocus.com/bid/30914

bugs.gentoo.org/show_bug.cgi?id=235770

exchange.xforce.ibmcloud.com/vulnerabilities/44821

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-4964

cvelist1 nvd1 ubuntucve1 prion1 debiancve1